Jump to content

Trojan.Agent.Gen Infection


Recommended Posts

I posted to the false positives forum and was told to post here after running DDS, GMER, etc. Attached are the GMER and DDS files. I tired to upload a zip file and it wouldn't allow it. Below is the MB log and DDS log files. Please let me know if I am infected and what I can do to get rid of them. MB cannot eliminate them. Thank you in advance for your help.

MB Log .....

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5276

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/9/2010 12:17:03 PM

mbam-log-2010-12-09 (12-17-03).txt

Scan type: Flash scan

Objects scanned: 112228

Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\all users\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\default user\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\localservice\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\networkservice\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\sab.sablaptop\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\sab\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\windows\system32\config\systemprofile\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

DDS Log .......

DS (Ver_10-12-05.01) - NTFSx86

Run by SAB at 16:25:25.59 on Wed 12/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.840 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Snippy\Snippy.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

Attach.txt

ark.txt

Link to post
Share on other sites

Hello sabarnhill! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Link to post
Share on other sites

Hello sabarnhill! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Below is the new DDS and MBAM logs .......

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5282

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/9/2010 4:39:38 PM

mbam-log-2010-12-09 (16-39-38).txt

Scan type: Flash scan

Objects scanned: 110964

Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\all users\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\default user\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\localservice\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\networkservice\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\sab.sablaptop\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\documents and settings\sab\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\windows\system32\config\systemprofile\application data\hotfix.exe (Trojan.Agent.Gen) -> Delete on reboot.

DDS .......

DDS (Ver_10-12-05.01) - NTFSx86

Run by SAB at 16:36:19.82 on Thu 12/09/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\SAB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Snippy\Snippy.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\SAB\Desktop\Scan.com

============== Pseudo HJT Report ===============

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.